Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawmarket

v1.4.0

Browse, install, buy, sell, publish, update, and review AI agent skills on ClawMarket, and manage your marketplace profile and wallet.

0 · 714 · 2 current · 2 all-time
by sharbel @sharbelayy
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases · Can sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the SKILL.md: browsing, publishing, buying, and installing skills is exactly what a marketplace skill would do. It legitimately needs to fetch packages, return install commands, and manage reviews. However, the documented paid-purchase flow requires the buyer to sign blockchain transactions (USDC approve + escrow.purchaseSkill), which implies the agent needs a wallet and signing capability; the skill declares no required credentials or environment variables for that purpose.
!
Instruction Scope
The SKILL.md instructs the agent to: register and store an API key, call authenticated endpoints, download skill packages and write package.skillMd to skills/{skillId}/SKILL.md and scripts to skills/{skillId}/scripts/{name}, run installCommand output (e.g., `npx clawhub install ...`), and perform on-chain operations (approve, call escrow contract). Those instructions allow arbitrary file creation and execution of third-party code and require wallet signing — none of which are constrained or accompanied by secure handling guidance. The doc also tells the agent to always leave reviews, which could be abused to automate reputation changes.
Install Mechanism
No install spec is included (instruction-only), which reduces static install risk. However, the runtime pattern relies on executing installer commands returned by the marketplace (example: `npx clawhub install`) and writing scripts to disk — these will download and execute remote code at runtime. That runtime execution is expected for a marketplace but is high-risk and underspecified here.
!
Credentials
The skill declares no required env vars or primary credential, yet the paid purchase flow requires a buyer wallet capable of signing on-chain transactions and the agent to hold/store an `apiKey`. There is no guidance about private key or RPC provider configuration, no declared env var names (e.g., PRIVATE_KEY, MNEMONIC, WEB3_RPC), and no secure storage path for the API key. This mismatch between required runtime secrets and declared requirements is a clear incoherence.
Persistence & Privilege
The skill is not always-enabled and uses standard autonomous invocation defaults. It requests no system-wide privileges in metadata. However, runtime instructions direct writing into a skills/ directory and executing install commands returned by the marketplace, which grants the skill effective ability to change the agent's local skill surface at runtime — expected for a marketplace but worth noting as a privilege the agent will exercise if allowed.
What to consider before installing
This skill plausibly implements a marketplace, but there are important gaps and runtime risks you should consider before installing or allowing autonomous use:

- Missing signing credentials: The paid purchase flow requires executing transactions (USDC approve + escrow.purchaseSkill). The skill does not declare how the agent obtains or stores a wallet private key or RPC provider — ask the author how signing is intended to be performed. Do not provide your main private key without clarification. Prefer a dedicated, funded wallet with limited funds if you test purchases.
- API key handling: The agent is told to save the returned apiKey (shown only once) but the skill gives no secure storage path. Decide where the key will live and ensure it is stored encrypted or in a secrets manager.
- Arbitrary code execution: Installation commands (e.g., npm/npx) and writing downloaded scripts to skills/{skillId} will execute third-party code. Only install skills from publishers you trust, inspect downloaded SKILL.md and scripts before running, and run installs in isolated or sandboxed environments (containers, VMs) when possible.
- Automated reviews and reputation: The instructions strongly encourage automatic review posting; be cautious about automating reviews or reputation-affecting actions.

If you still want to use this skill: restrict its ability to perform purchases (use free-only mode), require manual approval before running any installCommand or signing transactions, require explicit confirmation before saving API keys or private keys, and test installs in a sandboxed environment first.


latest: vk9778gh1pezgvcg71dex3s4dad814npq
